[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Retrieving information from Active Directory
try searching for (objectclass=*). It might give a referal URL such as
CN=Configuration, DC=totalflood,DC=com. Try changing CN=Configuration to
CN=Users and do a search for (objectclass=*).
Beyond that, I'm not sure.
Aaron
Quoting Stephen Carville <stephen@totalflood.com>:
> Thank you for the reply.
>
> The "administrator" account on the DC was renamed to "total" so here
> is the command I tried:
>
> ldapsearch -D "cn=total,cn=users,dc=totalflood,dc=com" -x
> -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com"
> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v
> -w <total_password>
>
> The results:
>
> ldap_init( 192.168.124.10, 0 )
> ldap_bind: Invalid credentials
> additional info: 80090308: LdapErr: DSID-0C09030B, \
> comment: AcceptSecurityContext error, data 525, v893
>
> I also tried it with -P2.
>
> I ran a sniffer on my workstation and can see the transaction so I
> know the packets are getting thru. There is nothing I can find in
> the
> Windows logs that even indicate a request was made.
>
> The server runs in mixed-mode so I tried it without the -D:
>
> ldapsearch -x -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com"
> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v
>
> Results:
>
> ldap_init( 192.168.124.10, 0 )
> filter:
> (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
> requesting: ALL
> version: 2
>
> #
> # filter:
> (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> I am not sure if that is progress or not :-)
>
> On Mon, 14 Oct 2002, Aaron Anderson wrote:
>
> - Sorry made a mistake in my command list below. It should be:
> -
> - ldapsearch -W -D
> "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
> - -x -h <ip of ad box> -b "cn=users,dc=domain,dc=test,dc=com"
> - "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
> -
> - Also another side note is that if you setup your Active Directory
> in
> - mixed-mode, you shouldn't need to bind to the directory (ie you don't
> need
> - the -W and -D arguments). If it is setup in native mode, then you
> do.
> - I'm about 80% sure that is accurate. You may want to post in a M$
> ng
> - about that.
> -
> -
> - Aaron
> -
> -
> - Quoting Aaron Anderson <aaron@echostar.ca>:
> -
> - > To use LDAP search against a LDAP directory, you have to do the
> - > following:
> - >
> - > If your active directory name is domain.test.com then
> - >
> - > ldapsearch -W -D
> "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
> - > -x
> - > -h <ip of ad box> -b "cn=users,dc=nexus2k,dc=psynch,dc=com"
> - > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
> - >
> - > That should list all of the users.
> - >
> - > Aaron
> - >
> - >
> - > Quoting Stephen Carville <stephen@totalflood.com>:
> - >
> - > > I am settng up a mail server and trying to use openldap so I
> can
> - > > create a public addressbook. I hope to populate this with
> - > informatin
> - > > gleaned from Active Directory but, so far, I haven't been able
> to
> - > get
> - > > anything useful.
> - > >
> - > > So how I can get the user information out of active directory?
> I
> - > have
> - > >
> - > > searched Google and found references to using ldapsearch but none
> of
> - >
> - > > the instruction worked. I am really new to ldap so I may be
> - > > overlooking the obvious.
> - > >
> - > > I am running version 2.0.11 on Redhat 7.2.
> - > >
> - > > --
> - > > -- Stephen Carville
> - > > UNIX and Network Administrator
> - > > DPSI (formerly Ace USA Flood Services)
> - > > 310-342-3602
> - > > stephen@totalflood.com
> - > >
> - > >
> - >
> - >
> - >
> - >
> - > -----------------------------------------------------------------
> - > Secure Webmail sent through: Echostar Solutions - www.echostar.ca
> - >
> -
> -
> -
> -
> - -----------------------------------------------------------------
> - Secure Webmail sent through: Echostar Solutions - www.echostar.ca
> -
>
> --
> -- Stephen Carville
> UNIX and Network Administrator
> DPSI (formerly Ace USA Flood Services)
> 310-342-3602
> stephen@totalflood.com
>
>
-----------------------------------------------------------------
Secure Webmail sent through: Echostar Solutions - www.echostar.ca